CVE-2019-18189
Published 2019-10-28
Priority: P263 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.54% (90.4th percentile)
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trendmicro | officescan | — | — |
| trendmicro | officescan | — | — |
| trendmicro | worry-free_business_security | — | — |
| trendmicro | worry-free_business_security | — | — |
CVSS provenance
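| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | | 7.5 | HIGH | |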
GHSA
GHSA-q46j-mg66-8mgv: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11
ghsa_unreviewed·2022-05-24
CVE-2019-18189 [CRITICAL] CWE-22 GHSA-q46j-mg66-8mgv: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
Red Hat
sox: OOB read in function read_samples in xa.c:219 causing denial of service
vendor_redhat·2019-07-14·CVSS 7.5
CVE-2019-1010004 [HIGH] CWE-125 sox: OOB read in function read_samples in xa.c:219 causing denial of service
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
An out-of-bounds read vulnerability was found in sox, due to insufficient validation of input data. An attacker could abuse this flaw by crafting a sound file that can cause the system to crash when read by sox or by an application using the sox library.
Statement: This issue is only a security vulnerability for applications linking against libsox, that may be caused to crash prematurely or even, under special circumstances, disclose sensitive mem
No detection rules found.
No public exploits indexed.
Published: 2019-10-28